Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/ef5856-bbc0-45a4-891e-b2dcc1863e8b/1/QULADlVaFkMkGPkwn75YSVW2jjo.roa
File:                     QULADlVaFkMkGPkwn75YSVW2jjo.roa (raw, json)
Hash identifier:          Pdhg6mv72WC/M2dgvihGiiCg/pLzNKgcVhlR32+64co=
Subject key identifier:   41:42:C0:0E:55:5A:16:43:24:18:F9:30:9F:BE:58:49:55:B6:8E:3A
Certificate issuer:       /CN=99e7209a8c9b176fbf623edf3ee0b82007fc2c40
Certificate serial:       018CC5DC4D5602D46E86409BE83AB98E1639
Authority key identifier: 99:E7:20:9A:8C:9B:17:6F:BF:62:3E:DF:3E:E0:B8:20:07:FC:2C:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mecgmoybF2-_Yj7fPuC4IAf8LEA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/ef5856-bbc0-45a4-891e-b2dcc1863e8b/1/QULADlVaFkMkGPkwn75YSVW2jjo.roa
Signing time:             Mon 01 Jan 2024 16:29:58 +0000
ROA not before:           Mon 01 Jan 2024 16:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47686
IP address blocks:        94.100.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/ef5856-bbc0-45a4-891e-b2dcc1863e8b/1/mecgmoybF2-_Yj7fPuC4IAf8LEA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/ef5856-bbc0-45a4-891e-b2dcc1863e8b/1/mecgmoybF2-_Yj7fPuC4IAf8LEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mecgmoybF2-_Yj7fPuC4IAf8LEA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 13:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:4d:56:02:d4:6e:86:40:9b:e8:3a:b9:8e:16:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99e7209a8c9b176fbf623edf3ee0b82007fc2c40
        Validity
            Not Before: Jan  1 16:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4142c00e555a16432418f9309fbe584955b68e3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:06:70:90:42:0d:31:0f:83:80:93:f3:9d:db:
                    79:39:3c:5e:6b:32:f0:0c:d9:96:9f:79:f4:ad:8a:
                    95:e3:33:7f:b1:a3:95:a2:ba:71:fd:c5:d7:8b:ff:
                    de:03:32:5f:5f:bf:8f:c6:03:b2:ce:2c:23:ca:d8:
                    5f:3c:f6:74:5f:ca:62:f8:8e:83:cb:54:8b:c3:5b:
                    29:16:e0:70:b4:61:a6:85:9e:6b:33:ae:18:c8:76:
                    bb:34:31:37:41:6f:bf:22:a9:19:e3:93:78:ca:30:
                    0b:e1:5a:82:ef:5d:17:2b:0a:e0:ff:19:11:c5:00:
                    bd:c0:11:ee:02:f2:2f:60:51:2d:bd:cd:81:7f:c7:
                    2b:43:46:bb:b3:db:e7:4c:f4:7b:59:0a:c5:84:32:
                    12:34:2a:54:a4:64:52:77:9a:f7:80:88:9a:36:14:
                    50:87:46:ec:b8:9f:90:07:cd:c1:54:6a:38:16:d5:
                    d4:b1:db:d3:bb:ba:ee:0d:14:6a:36:e7:8a:1e:2e:
                    f1:06:3c:1f:d7:bc:b3:1d:60:a7:2f:9e:a8:83:06:
                    c0:4d:b5:d6:83:31:ea:0b:3c:84:8f:9b:98:e5:28:
                    75:a9:fe:59:4b:3d:70:84:77:ba:87:72:1c:de:6d:
                    ea:97:96:11:81:8a:fb:f8:6e:b7:34:65:ef:28:99:
                    7e:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:42:C0:0E:55:5A:16:43:24:18:F9:30:9F:BE:58:49:55:B6:8E:3A
            X509v3 Authority Key Identifier:
                keyid:99:E7:20:9A:8C:9B:17:6F:BF:62:3E:DF:3E:E0:B8:20:07:FC:2C:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mecgmoybF2-_Yj7fPuC4IAf8LEA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/ef5856-bbc0-45a4-891e-b2dcc1863e8b/1/QULADlVaFkMkGPkwn75YSVW2jjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/ef5856-bbc0-45a4-891e-b2dcc1863e8b/1/mecgmoybF2-_Yj7fPuC4IAf8LEA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.100.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:ca:b9:19:51:8d:de:a5:2d:1d:12:38:10:e5:a2:0b:7f:dd:
         cd:ef:e5:5d:12:a1:4b:f1:b8:73:95:95:39:81:d2:f1:04:21:
         ac:af:26:8f:7d:8d:51:92:f5:51:93:53:8d:ab:e7:51:1b:25:
         3e:c3:32:35:21:23:24:4e:eb:1b:dd:5c:cf:f6:97:fc:30:01:
         39:f7:15:06:cc:35:db:f0:7f:d4:78:dd:3a:4a:71:39:64:e0:
         79:d7:06:ad:f4:ca:15:fc:f5:e5:f5:ef:74:1f:7a:d1:fd:a1:
         46:43:1f:5a:01:c6:20:5b:bb:9a:3d:06:01:ed:99:6c:04:96:
         7a:e5:de:14:aa:7a:d8:e3:b3:51:ac:27:21:8c:03:21:2d:55:
         17:e8:ea:2a:1a:b3:3b:7d:ef:30:db:6f:fc:8c:12:e9:62:16:
         bf:0f:ef:e0:ea:48:04:80:26:ab:25:0e:cf:cb:79:a2:8c:d4:
         7f:dc:f1:74:c4:18:8c:3c:71:0d:e7:31:4e:8f:68:35:d6:a4:
         d8:27:d1:2f:28:8a:3a:6c:3d:6e:d7:d2:0c:04:96:a1:c0:5f:
         25:29:8c:2c:c4:8f:6c:8a:35:08:09:55:77:f6:65:ae:98:d4:
         01:af:c9:45:a8:41:c6:d6:2a:7a:4c:39:26:53:3b:d6:3c:e3:
         c2:3c:2a:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3E1WAtRuhkCb6Dq5jhY5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ZTcyMDlhOGM5YjE3NmZiZjYyM2VkZjNlZTBiODIwMDdm
YzJjNDAwHhcNMjQwMTAxMTYyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTQyYzAwZTU1NWExNjQzMjQxOGY5MzA5ZmJlNTg0OTU1YjY4ZTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogZwkEINMQ+DgJPzndt5OTxeazLw
DNmWn3n0rYqV4zN/saOVorpx/cXXi//eAzJfX7+PxgOyziwjythfPPZ0X8pi+I6D
y1SLw1spFuBwtGGmhZ5rM64YyHa7NDE3QW+/IqkZ45N4yjAL4VqC710XKwrg/xkR
xQC9wBHuAvIvYFEtvc2Bf8crQ0a7s9vnTPR7WQrFhDISNCpUpGRSd5r3gIiaNhRQ
h0bsuJ+QB83BVGo4FtXUsdvTu7ruDRRqNueKHi7xBjwf17yzHWCnL56ogwbATbXW
gzHqCzyEj5uY5Sh1qf5ZSz1whHe6h3Ic3m3ql5YRgYr7+G63NGXvKJl+WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEFCwA5VWhZDJBj5MJ++WElVto46MB8GA1UdIwQY
MBaAFJnnIJqMmxdvv2I+3z7guCAH/CxAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWVjZ21veWJGMi1fWWo3ZlB1QzRJQWY4TEVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi9lZjU4NTYtYmJjMC00NWE0LTg5MWUt
YjJkY2MxODYzZThiLzEvUVVMQURsVmFGa01rR1Brd243NVlTVlcyampvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi9lZjU4NTYtYmJjMC00NWE0LTg5MWUtYjJkY2MxODYzZThi
LzEvbWVjZ21veWJGMi1fWWo3ZlB1QzRJQWY4TEVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXmRoMA0G
CSqGSIb3DQEBCwUAA4IBAQCAyrkZUY3epS0dEjgQ5aILf93N7+VdEqFL8bhzlZU5
gdLxBCGsryaPfY1RkvVRk1ONq+dRGyU+wzI1ISMkTusb3VzP9pf8MAE59xUGzDXb
8H/UeN06SnE5ZOB51wat9MoV/PXl9e90H3rR/aFGQx9aAcYgW7uaPQYB7ZlsBJZ6
5d4UqnrY47NRrCchjAMhLVUX6OoqGrM7fe8w22/8jBLpYha/D+/g6kgEgCarJQ7P
y3mijNR/3PF0xBiMPHEN5zFOj2g11qTYJ9EvKIo6bD1u19IMBJahwF8lKYwsxI9s
ijUICVV39mWumNQBr8lFqEHG1ip6TDkmUzvWPOPCPCoT
-----END CERTIFICATE-----